CN101547197B - A URL washing device and a washing method - Google Patents
A URL washing device and a washing method Download PDFInfo
- Publication number
- CN101547197B CN101547197B CN2009100391682A CN200910039168A CN101547197B CN 101547197 B CN101547197 B CN 101547197B CN 2009100391682 A CN2009100391682 A CN 2009100391682A CN 200910039168 A CN200910039168 A CN 200910039168A CN 101547197 B CN101547197 B CN 101547197B
- Authority
- CN
- China
- Prior art keywords
- url
- malice
- status
- time
- client
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Abstract
The invention relates to a device and a method for washing URL which is used to be identified as a malice website. The URL washing device comprises a server terminal and a plurality of clients; the server terminal comprises a communication module, a URL state list, a URL state list modifying module, and a URL state list polling module; the clients comprise communication modules and malice URL detecting modules. According to the server terminal, the device continuously visit URL to obtain general visiting frequency of the URL; if in a k times of normal visiting time interval, the URL is not be treated as a malice URL and collected into the URL state list of the server terminal, the URL can be explained to be washed (be treated as a non-malice URL), thus greatly shortening washing time of a victimized URL. Besides, a server terminal to arrange a module for URL to be visited and tested is not needed, thus lowering operating pressure of the server.
Description
Technical field
The present invention relates to computer software fields, relate in particular to a kind of apparatus and method that the URL that once was identified as the malice network address is whitened.
Background technology
Utilizing webpage to hang horse and propagate rogue program, is a kind of important channel that rogue program is propagated.When a webpage connection (URL) was identified as the malice network address, the software of the search engine of band safety warning, browser and band web page browsing security protection can be tackled the visit to this URL.Most cases, the owner of URL also is the victim, assault this website and implanted rogue program or malicious code, the owner of website can remove it after finding.Problem is that after this website is safe, and above-mentioned instrument (software of search engine, browser and band web page browsing security protection etc.) can think in longer a period of time that also it is a malicious websites.Because; After in a single day search engine, browser etc. are identified as the malice network address with certain URL; Search engine, browser etc. will pass through fixing one-period just can visit this URL later on once more, if access result shows this URL safety, then it is whitened; Said URL whitens the network address that this URL exactly is set to non-malice among this paper, changes the state of URL into non-malice by malice.The above-mentioned cycle is generally very long, therefore, has delayed the user in time having removed the visit that webpage is hung the URL of horse.Why long the above-mentioned cycle is, and reason is, has the URL visit to attempt module at the server end of search engine, browser etc., and this module is constantly visited all URL circularly, and whether Return URL is the result of malice then.Because the global website One's name is legion also receives the restriction of the ability to work of server, the inevitable this trial cycle can be very long.
To sum up, be necessary to provide a kind of apparatus and method that can in time the URL that has removed webpage extension horse be whitened.What this method will solve is exactly to shorten whitening the time of these websites that are injured.
Summary of the invention
The present invention has overcome deficiency of the prior art, and first purpose of the present invention provides the be injured device of the time that whitens of URL of a kind of shortening.
Second purpose of the present invention provides the be injured time method that whitens of URL of a kind of shortening.
In order to realize above-mentioned first purpose, the present invention adopts following technical scheme:
URL whitens device, comprises server end and a plurality of client;
Server end comprises:
Communication module, it is used for realizing jointly with the communication module of each client the information interaction of server end and client;
The URL status list, it specifically comprises the acquisition time of the URL that each is collected, discovery time, last discovery time, discovery number of times, linking status, linking status are modified to the number of times of malice the earliest;
URL status list modified module, it is used for revising the various information of URL status list;
URL status list poll module, each linking status in its poll URL status list is the URL of malice;
Client comprises:
Communication module, it is used for realizing jointly with the communication module of server end the information interaction of server end and client;
Malice URL detection module, whether its URL that is used to detect that the user visits is malice URL, if URL that the user visits is malice URL, will this URL be sent to server end through the communication module of client and the communication module of server end; If be non-malice URL, then do not do any operation.
In order to realize above-mentioned second purpose, the present invention adopts following technical scheme:
Use above-mentioned URL to whiten the URL that device carries out and whiten method, it comprises that the URL state is compiled process and URL whitens process, and these two processes are carried out respectively;
The concrete steps that the URL state is compiled process are following;
A. malice URL detection module detects malice URL, sends to server end to this URL through the communication module of client and the communication module of server end;
If b. this URL is not present in the URL status list as yet, get into step c; If this URL Already in the URL status list, gets into steps d;
C.URL status list modified module increases this URL to the URL status list, and the acquisition time of setting this URL is the current time, and discovery time is the current time the earliest, and last discovery time is the current time; Find that number of times is made as 1, linking status is set to malice, and linking status is modified to the malice number of times and is made as 1, returns step a;
If d. the state of this URL in status list is malice, URL status list modified module changes the last discovery time of this URL into the current time, finds that number of times adds 1; If the state of this URL in status list is non-malice; URL status list modified module changes the discovery time the earliest of this URL into the current time; Last discovery time changes the current time into, finds that number of times is made as 1, and linking status changes malice into; Linking status is modified to the malice number of times and adds 1, returns step a;
The concrete steps that URL whitens process are,
Each linking status in the URL status list poll module poll URL status list is the URL of malice; The URL that satisfies following two conditions is simultaneously carried out linking status to be revised; Linking status is revised as non-malice: the first, the discovery number of times of this URL is more than or equal to 2; The second, (current time-last discovery time)>k* ((last discovery time-discovery time) the earliest/find number of times), wherein, k is the real number greater than 1.
Said apparatus and method constantly obtain the general access frequency of this URL to the visit of URL according to server end; If in the doubly normal access time interval of k; This URL is not collected into the URL status list of server end as malice URL; Can explain that then this URL is whitened (being considered to is non-malice URL), has shortened whitening the time of the URL that is injured greatly.In addition, do not need server end to be provided with in addition and carry out the module that the URL visit is soundd out, reduced the operating pressure of server.
Embodiment
URL whitens device, comprises server end and a plurality of client.
Server end comprises:
Communication module, it is used for realizing jointly with the communication module of each client the information interaction of server end and client;
The URL status list, it specifically comprises the acquisition time of the URL that each is collected, discovery time, last discovery time, discovery number of times, linking status, linking status are modified to the number of times of malice the earliest;
URL status list modified module, it is used for revising the above-mentioned various information of URL status list;
URL status list poll module, each linking status in its poll URL status list is the URL of malice;
The coefficient k value is tabulated, and has listed the value of coefficient k in different time sections in this coefficient k value tabulation, and wherein, k is the real number greater than 1.
Client comprises:
Communication module, it is used for realizing jointly with the communication module of server end the information interaction of server end and client;
Malice URL detection module, whether its URL that is used to detect that the user visits is malice URL, if URL that the user visits is malice URL, will this URL be sent to server end through the communication module of client and the communication module of server end; If be non-malice URL, then do not do any operation.
Introduce to use above-mentioned URL to whiten device below and carry out the method that URL whitens, this method comprises that the URL state is compiled process and URL whitens process, and these two processes are carried out respectively;
The concrete steps that the URL state is compiled process are following;
A. malice URL detection module detects malice URL, sends to server end to this URL through the communication module of client and the communication module of server end;
If b. this URL is not present in the URL status list as yet, get into step c; If this URL Already in the URL status list, gets into steps d;
C.URL status list modified module increases this URL to the URL status list, and the acquisition time of setting this URL is the current time, and discovery time is the current time the earliest, and last discovery time is the current time; Find that number of times is made as 1, linking status is set to malice, and linking status is modified to the malice number of times and is made as 1, returns step a;
If d. the linking status of this URL in the URL status list is malice, URL status list modified module changes the last discovery time of this URL into the current time, finds that number of times adds 1; If the linking status of this URL in the URL status list is non-malice; URL status list modified module changes the discovery time the earliest of this URL into the current time; Last discovery time changes the current time into, finds that number of times is made as 1, and linking status changes malice into; Linking status is modified to the malice number of times and adds 1, returns step a;
The concrete steps that URL whitens process are,
Each linking status in the URL status list poll module poll URL status list is the URL of malice; The URL that satisfies following two conditions is simultaneously carried out linking status to be revised; Linking status is revised as non-malice: the first, the discovery number of times of this URL is more than or equal to 2; The second, (current time-last discovery time)>k* ((last discovery time-discovery time) the earliest/find number of times), wherein, k is the real number greater than 1." (last discovery time-discovery time) the earliest/find number of times " represents this malice URL before by the average time interval of client-access; Above-mentioned formulate, in k average time interval doubly, still not having this URL of client reflection is malice URL; Think that then this URL is repaired; Become non-malice URL, therefore, carry out URL and whiten operation.
Also have a kind of situation to be, the frequency that some URL is visited is very low, and it is confirmed as after the malice URL first, possibly pass through a very long time and all again not have client-access, and like this, above-mentioned URL whitens process and just can not whiten it.To this situation; Each linking status in the URL status list poll module poll URL status list is the URL of malice, the URL that satisfies following two conditions is simultaneously also carried out linking status revise, and linking status is revised as non-malice: the first, the discovery number of times of this URL equals 1; The second, (preceding time-last discovery time)>Max; Wherein, Max generally can be set to 28-40 days for the longest the whitening the cycle in the service end setting.Certainly, the Max value also can be different according to the distribution range of client, are set at other values by programmer.
In said method, k is a correction factor, and correction factor is determined by two factors:
A. client distribution scale: scale is big more, and the k value is more little.The client scale is big more, and it collects data more near truth, so the correction demand of k is just more little.
B. client distribution time zone rule and current time client active degree in this time zone rule.If client time zone narrowly distributing, in narrower time zone, the situation of enlivening of all clients and the daily schedule in this time zone are closely related.So, the client that narrow time zone distributes, phase k value was revised with daily schedule is corresponding according to the current time.Because for same time zone (for example China), the frequency of client-access URL generally can be higher than the period in morning by day, therefore, by day generally should be littler as the k value of correction factor than the period in morning.Same reason, weekend, work and rest rule such as have a holiday also can have influence on the value of k.If the time zone of client distribution is wider, such as distribution all being arranged in overwhelming majority of countries, then can not consider the daily schedule and change, promptly do not consider the active degree of client in this time period.
Certainly, the concrete value of k can be set according to actual conditions by the programming personnel, just provides some the common factors that the k value is set that influence above.The k value is big more, and the correctness that whitens URL is high more, but possibly have influence on the time that URL should be whitened.Generally, k gets more than or equal to 2 value more safe, practical.The K value can be a definite value.Also can put into coefficient k value tabulation to the k value, list the value of coefficient k in different time sections in this coefficient k value tabulation, in the different periods, get different k values according to tabulation, carrying out URL like this, to whiten the accuracy of operation higher.
Above embodiment describes the only unrestricted technical scheme of the present invention in order to explanation.Do not break away from any modification or the local replacement of spirit and scope of the invention, should be encompassed in the middle of the claim scope of the present invention.
Claims (9)
1.URL whiten device, said URL whitens the network address that this URL exactly is set to non-malice, changes the state of URL into non-malice by malice, it is characterized in that, comprises server end and a plurality of client;
Server end comprises:
Communication module, it is used for realizing jointly with the communication module of each client the information interaction of server end and client;
The URL status list, it specifically comprises the acquisition time of the URL that each is collected, discovery time, last discovery time, discovery number of times, linking status, linking status are modified to the number of times of malice the earliest;
URL status list modified module, it is used for increasing the various information of URL to URL status list and modification URL status list; To not being present in the URL in the URL status list as yet, URL status list modified module increases this URL to the URL status list, and the acquisition time of setting this URL is the current time, and discovery time is the current time the earliest, and last discovery time is the current time; Find that number of times is made as 1, linking status is set to malice, and linking status is modified to the malice number of times and is made as 1; To the linking status in the URL status list is the URL of malice, and URL status list modified module changes the last discovery time of this URL into the current time, finds that number of times adds 1; For the linking status in the URL status list is the URL of non-malice; URL status list modified module changes the discovery time the earliest of this URL into the current time; Last discovery time changes the current time into; Find that number of times is made as 1, linking status changes malice into, and linking status is modified to the malice number of times and adds 1;
URL status list poll module, each linking status in its poll URL status list is the URL of malice; And the URL that satisfies following two conditions is simultaneously carried out linking status revise; Linking status is revised as non-malice: the first, the discovery number of times of this URL is more than or equal to 2; The second, (current time-last discovery time)>k* ((last discovery time-discovery time) the earliest/find number of times); Wherein, k is the real number greater than 1; Perhaps; The URL that satisfies following two conditions is simultaneously carried out linking status revises, linking status is revised as non-malice: the first, the discovery number of times of this URL equal 1, the second, (current time-last discovery time)>Max; Wherein, Max is the longest the whitening the cycle in the service end setting;
Client comprises:
Communication module, it is used for realizing jointly with the communication module of server end the information interaction of server end and client;
Malice URL detection module, whether its URL that is used to detect that the user visits is malice URL, if URL that the user visits is malice URL, will this URL be sent to server end through the communication module of client and the communication module of server end; If be non-malice URL, then do not do any operation.
2. URL according to claim 1 whitens device, it is characterized in that,
Server end also comprises coefficient k value tabulation, has listed the value of coefficient k in the different time sections in this coefficient k value tabulation, and wherein, k is the real number greater than 1.
3. use the said URL of claim 1 to whiten the URL that device carries out and whiten method, it is characterized in that comprise that the URL state is compiled process and URL whitens process, these two processes are carried out respectively;
The concrete steps that the URL state is compiled process are following;
A. malice URL detection module detects malice URL, sends to server end to this URL through the communication module of client and the communication module of server end;
If b. this URL is not present in the URL status list as yet, get into step c; If this URL Already in the URL status list, gets into steps d;
C.URL status list modified module increases this URL to the URL status list, and the acquisition time of setting this URL is the current time, and discovery time is the current time the earliest, and last discovery time is the current time; Find that number of times is made as 1, linking status is set to malice, and linking status is modified to the malice number of times and is made as 1, returns step a;
If d. the linking status of this URL in the URL status list is malice, URL status list modified module changes the last discovery time of this URL into the current time, finds that number of times adds 1; If the linking status of this URL in the URL status list is non-malice; URL status list modified module changes the discovery time the earliest of this URL into the current time; Last discovery time changes the current time into, finds that number of times is made as 1, and linking status changes malice into; Linking status is modified to the malice number of times and adds 1, returns step a;
The concrete steps that URL whitens process are,
Each linking status in the URL status list poll module poll URL status list is the URL of malice; The URL that satisfies following two conditions is simultaneously carried out linking status to be revised; Linking status is revised as non-malice: the first, the discovery number of times of this URL is more than or equal to 2; The second, (current time-last discovery time)>k* ((last discovery time-discovery time) the earliest/find number of times), wherein, k is the real number greater than 1.
4. URL according to claim 3 whitens method, it is characterized in that,
URL whitens process and also comprises; The URL that satisfies following two conditions is simultaneously carried out linking status to be revised; Linking status is revised as non-malice: the first, the discovery number of times of this URL equals 1; The second, (current time-last discovery time)>Max, wherein, Max is the longest the whitening the cycle in the service end setting.
5. URL according to claim 4 whitens method, it is characterized in that,
The setting of said k value is relevant with the quantity of client, and the quantity of client is many more, and the k value is more little.
6. URL according to claim 5 whitens method, it is characterized in that,
The time zone rule of the setting of said k value and all client distribution and the active degree of current time client are relevant;
If client is evenly distributed, then do not consider the active degree of current time client in each time zone rule;
If client distributes in narrower time zone, then the k value was revised according to the daily schedule.
7. URL according to claim 6 whitens method, it is characterized in that,
Said Max value is 28-40 days.
8. URL according to claim 7 whitens method, it is characterized in that,
K=2。
9. whiten method according to any described URL among the claim 3-8, it is characterized in that, said k value is present in the tabulation of coefficient k value, has listed the value of coefficient k in the different time sections in this coefficient k value tabulation.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2009100391682A CN101547197B (en) | 2009-04-30 | 2009-04-30 | A URL washing device and a washing method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2009100391682A CN101547197B (en) | 2009-04-30 | 2009-04-30 | A URL washing device and a washing method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101547197A CN101547197A (en) | 2009-09-30 |
| CN101547197B true CN101547197B (en) | 2012-05-30 |
Family
ID=41194086
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2009100391682A Active CN101547197B (en) | 2009-04-30 | 2009-04-30 | A URL washing device and a washing method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101547197B (en) |
Families Citing this family (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102663000B (en) * | 2012-03-15 | 2016-08-03 | 北京百度网讯科技有限公司 | The maliciously recognition methods of the method for building up of network address database, maliciously network address and device |
| CN103428183B (en) * | 2012-05-23 | 2017-02-08 | 北京新媒传信科技有限公司 | Method and device for identifying malicious website |
| CN103685158A (en) * | 2012-09-04 | 2014-03-26 | 珠海市君天电子科技有限公司 | accurate collection method and system based on phishing website propagation |
| US20140122567A1 (en) * | 2012-10-30 | 2014-05-01 | Qualcomm Incorporated | Preemptive framework for accessing short urls |
| CN105144767B (en) * | 2013-04-12 | 2019-07-02 | Sk电信有限公司 | For checking the device and method and user terminal of message |
| CN106961410B (en) * | 2016-01-08 | 2020-02-18 | 阿里巴巴集团控股有限公司 | Abnormal access detection method and device |
Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1588879A (en) * | 2004-08-12 | 2005-03-02 | 复旦大学 | Internet content filtering system and method |
-
2009
- 2009-04-30 CN CN2009100391682A patent/CN101547197B/en active Active
Patent Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1588879A (en) * | 2004-08-12 | 2005-03-02 | 复旦大学 | Internet content filtering system and method |
Also Published As
| Publication number | Publication date |
|---|---|
| CN101547197A (en) | 2009-09-30 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101547197B (en) | A URL washing device and a washing method | |
| CN110189121B (en) | Data processing method and device, block chain client and block chain link point | |
| CN106899549B (en) | Network security detection method and device | |
| CN104767653B (en) | A kind of method and apparatus of network interface monitoring | |
| CN104079543A (en) | Method, device and system for obtaining intelligent home system monitoring permissions | |
| CN102833258A (en) | Website access method and system | |
| CN104301302A (en) | Unauthorized attack detection method and device | |
| CN105100032A (en) | Method and apparatus for preventing resource steal | |
| CN106961410B (en) | Abnormal access detection method and device | |
| CN105306463A (en) | Modbus TCP intrusion detection method based on support vector machine | |
| CN106993009A (en) | A kind of method and apparatus for loading webpage in a browser | |
| CN101453482A (en) | Real-time data transmission method and real-time data transmission system | |
| CN102831218A (en) | Method and device for determining data in thermodynamic chart | |
| CN113589775A (en) | Opening of processing steps for processing objects | |
| CN101488965A (en) | Domain name filtering system and method | |
| CN107276986B (en) | Method, device and system for protecting website through machine learning | |
| CN104391953B (en) | Detect the method and device of webpage renewal | |
| CN110502461A (en) | A kind of high efficient data capture method based on RS485 communications protocol | |
| CN105577718A (en) | Intelligent network information acquisition method and network information acquisition system | |
| CN106326736A (en) | Data processing method and system | |
| CN104967632B (en) | Webpage abnormal data processing method, data server and system | |
| EP3805960B1 (en) | Methods and systems for identifying software product installation instances | |
| CN107294905A (en) | A kind of method and device for recognizing user | |
| Cha et al. | On optimal replacement of systems with failure rates described by a random jump process | |
| US20220012233A1 (en) | Creation of a Blockchain with Blocks Comprising an Adjustable Number of Transaction Blocks and Multiple Intermediate Blocks |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| ASS | Succession or assignment of patent right |
Owner name: KINGSOFT CORPORATION LIMITED Free format text: FORMER OWNER: ZHUHAI KINGSOFT SOFTWARE CO., LTD. Effective date: 20140902 |
|
| C41 | Transfer of patent application or patent right or utility model | ||
| COR | Change of bibliographic data |
Free format text: CORRECT: ADDRESS; FROM: 519015 ZHUHAI, GUANGDONG PROVINCE TO: 100085 HAIDIAN, BEIJING |
|
| TR01 | Transfer of patent right |
Effective date of registration: 20140902 Address after: Kingsoft No. 33 building, 100085 Beijing city Haidian District Xiaoying Road Patentee after: BEIJING KINGSOFT INTERNET SECURITY SOFTWARE Co.,Ltd. Address before: Jinshan computer Building No. 8 Jingshan Hill Road, Lane 519015 Zhuhai Jida Lianshan Guangdong city of Zhuhai Province Patentee before: Zhuhai Kingsoft Software Co.,Ltd. |
|
| EE01 | Entry into force of recordation of patent licensing contract |
Application publication date: 20090930 Assignee: Zhuhai Kingsoft Software Co.,Ltd. Assignor: BEIJING KINGSOFT INTERNET SECURITY SOFTWARE Co.,Ltd. Contract record no.: 2014990000778 Denomination of invention: A URL washing device and a washing method Granted publication date: 20120530 License type: Common License Record date: 20140926 |
|
| LICC | Enforcement, change and cancellation of record of contracts on the licence for exploitation of a patent or utility model |